VLAN DNS Server

Options

Hi all,

USG FLEX 100W running latest FW. I have configured multiple VLANs and they work but there is something I do not understand.

One VLAN has a few ports separated on my switch and clients only connect via a wired connection. VLAN config is follows: Network → Interface → VLAN → DHCP setting:

  • DHCP: DHCP Server
  • IP Pool Start Address: 10.0.xx.xxx Pool Size xx
  • First DNS Server: ZyWall

The issue I have is with the DNS Server. If I use "ZyWall" as "First DNS Server", I do not get any internet access on the VLAN clients. As soon as I use "Custom" and an external name server IP, it works. It also works when I use "From ISP" and "wan 1st DNS Server".

I have two policies in place:

  • VLAN_Out VLAN WAN
  • VLAN_Dev VLAN ZyWall

Why does "ZyWall" as DNS Server not work?

All Replies

  • PeterUK
    PeterUK Posts: 2,709  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited December 2023
    Options

    Odd yes because "From ISP" means the USG is getting DNS from your ISP which "ZyWall" should use when clients go to gateway and the USG proxy the DNS to use your ISP DNS normally...

    Do your ISP DNS show up as default Domain Zone Forwarders in system > DNS ?

    does a packet capture on the USG WAN show out going DNS when a client does lookup to Zywall?

    Unless…have you setup a real DMZ setup or maybe something like it? because that would stop DNS to the WAN port but using "From ISP" would work as traffic routes out WAN comes in on bridge?.

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 754  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited December 2023
    Options

    Hi @rFlt ,

    Greeting Forum, Please kindly show the settings of "System→DNS".

    And check you have default Zone Forwarder value and correct Service control.

    (Zone:VlanX , Action: Accept)

    If the issue persist, Please try to capture whether any DNS traffic reach to LAN interface and share your config by private message.

    Thank you

Security Highlight